MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7
SHA3-384 hash:	e7cf0474360f67fd8d97ff1ac59e3699d04513eb5cf0f4d91554c1fa85bd6c2e68522f1bae157ebf3b109e78b45d0ee3
SHA1 hash:	209100b38aa71fe1a92de6e9e16718d327255aa7
MD5 hash:	196e3fc9a141f8549e82431b4e5ec421
humanhash:	september-coffee-michigan-single
File name:	w.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	930 bytes
First seen:	2025-08-25 07:30:17 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:HgUYY9NI7zFKDI+IHtjWvTuIlP5ty2PbYnn:HgUYYozFq1IHtS7uqy2P8n
TLSH	T19C11CECA5661636749884D647065C589B066D9C071DC0FDEDDCC08F6AAE9A10732BF6C
Magika	asm
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

31

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.32160.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68ac11367137d684583af304/reports/012f93ae-0d17-48e3-8b42-7ba47f32886f/overview

Kaspersky OpenTIP Clean

Verdict:

Clean

File Type:

text

Link:

https://opentip.kaspersky.com/4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d594ebb3-5d90-4df9-ab25-dd57feefe93c

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7/

Neiki Family.MIRAI

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7

ReversingLabs TitaniumCloud Linux.Trojan.Alevaul

Threat name:

Linux.Trojan.Alevaul

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-08-24 23:02:24 UTC

File Type:

Text (Shell)

AV detection:

19 of 38 (50.00%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jilmabrqcsz4ydhnwhoq6lhlmioj65q3xoqrg3vui6oth7ju4w3q._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250825-jcahhacq7y/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4a16c0063014b3cc0cedb1dd0f2ceb621c9f761bbba1136eb4479d33fd34e5b7